This week, we released a change that helps protect your account from malicious actors. Users with verified emails will, at times, be required to pass two step verification with that verified email even if they have not explicitly enabled 2SV.
We strongly encourage you to add an email address to your account, complete verification, and enable two step verification if you have not already done so.
Will we just get these periodically while logged in? It would seem pretty annoying for this to happen too frequently.
Will we be able to set how many times we get these?
And say the really low-probability event of someone guessing your password and logging in occurs, and you don’t have 2SV enabled, will they also be prompted with this while we are?
Many questions!
Nonetheless, I appreciate the efforts to improve security.
This is a great change and it is amazing that Roblox is finally taking action on security! Will Roblox aim to move to add more types of security (Google Auth, Titan Key) or anything like that? (Link below for reference.) https://devforum.roblox.com/t/development-security-discussion/896443 Thanks, Roblox, for finally taking action on security!
I’m excited that Roblox is adding this feature, as account security is quite important; 2SV is best if it’s semi-mandatory. I hope that this will prevent the most common breaches of accounts, and make the platform more secure for developers and players that are unaware that they shouldn’t be sharing their password with others. I think this is a good idea for all, just an overall security improvement, and having it semi-mandatory is a good idea for those who may be unaware of breaching and account security’s importance.
They appear to be working on authenticator-based 2FA (TOTP), as seen in the API documentation here.
But it isn’t enabled for everyone to use. So I’d suspect sometime next year they will enable it.
Why can’t we have 2FA on certain actions such as trades, group fund distributions, purchasing? These have been recommended several times and seem like a good solution for users losing their assets after having their account compromised.
Every day that passes without a rollout of proper 2FA beyond email verification is another day that users with valuable items are at risk of getting everything taken from them and having to go through support to roll it back (if they get a response).
This update is a step in the right direction, but I really wished that Roblox took account security more seriously.
Yeah, hopefully more security measures are added. As Roblox grows, assets become more valuable and therefore users deserve to have the right to fully protect their accounts to the best of their abilities.
I really hope that this is toggle-able, to me personally this sounds unwanted and inconvenient. I don’t want to go to work on one of my games and be inconvenienced by having to pass 2SV again, the initial login 2SV should be enough in my opinion.
You think you could do something like what Discord does with QR code scanning for 2 step verification?
It might be easier, since Roblox’s key demographic is children.
(Unless it’s too insecure)
Thank god. I personally use an authenticator and it would be a lot easier for me to access. Also, nobody can really get into an authenticator unless it’s a cloud-based authenticator, so this would be a big up on authentication.
I disagree, this security change is a step in the right direction as @NINJAMASTR999 stated above and this would stop the stealing of Roblox accounts, which is great.
Sometimes users don’t know how to secure their accounts correctly and having this would save thousands of accounts.
My account was breached in the past even with 2SV + Account PIN though. Someone somehow bypassed both without sending me any email or indication of a sign in, and changed my settings despite there being an Account PIN enabled.
It’s nice to know that Roblox is aware of the security problems and is trying to fix them. But it would be nice if, instead of Gmail 2FA, it used Google Auth.